After authenticating with JAAS (posting to j_security_check) Tomcat redirects you to the page you intended to go in the first place. You can't control which page to go after you authenticate, If you try to go to /home.jsp and you have not authenticated yet, you get a login prompt. If you provide the correct user/password, you are redirected to /home.jsp, the one you intended to go to.

response.sendRedirect("CONTEXT_ROOT/j_security_check") will not work on jboss-4.0.0 with tomcat-5.0.28 but jboss-3.2.6 with tomcat-5.0.28 work well.I can see 'GenericPrincipal[admin(admin,user)] in both versions.

When I call IsUserInRole("admin"), it returns true on 3.2.6 but false on 4.0.0.Are there deferences between two versions?